Omron CX-Programmer (ICSA-19-094-01)

The NCCIC has published an advisory on a use after free vulnerability in Omron CX-Programmer within CX-One. CX-Programmer v9.70 and prior and Common Components January 2019 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the vulnerability. The NCCIC has also provided a series of measures for mitigating the vulnerability. Read the advisory at NCCIC/ICS-CERT.